As people get more jumpy about their personal privacy, more anti-snooping devices are appearing on the market. BlackBerry have said they’re going to release a privacy-concerned device.
One handset that has people talking is the Blackphone 2, from Silent Circle. They have revamped their phone, and it aims to help you manage your personal data by adding software to the standard-issue Android OS.
You will be able to fine-tune what each app, site visited and service does, and what information it gives out while you use them.
This particular phone will cost you around £525, and will provoke puns based around ‘Paranoid Android’. What does it do, you ask? Well, if you buy a Blackphone 2, you’ll be able to manage data sharing via the phone’s security centre, and you’ll be able to edit and mess around with the permissions of each of your apps.
“At the moment it’s often about accepting everything or denying all the app permission requests,” said David Puron, head of engineering at Silent Circle. “We wanted it to be more fine-grained than that.”
“The industry is moving in the right direction and is incorporating the permission controls which is something we have done for 18 months,” he added. “It’s a good sign that these technologies are being progressively adopted.”
The phone lets you create separate virtual spaces, where you can set differing permissions for apps, depending on whether they’re being used personally, for work, or whether you’re letting your child play with your phone. It’ll enable encryption by default, and can be wiped remotely too. Sound like your kind of thing, or are you not arsed anymore and know that privacy is long dead and you might as well enjoy how Google link everything up, after poking around in your business?
Anyway, if you want the option of going off the map, it looks like there’s going to be a number of phones on the market to fulfil that need.
Apple, who have been the bastions of cleanliness and righteousness (in their own minds) for such a long time, are having a ‘mare. An update has been making people’s iPhones crash (here’s how to fix it), Apple accounts have been stolen, and the camera borked (how to fix that, here).
Now, they have confirmed that malicious code has found its way into a number of official apps that are being sold in the App Store.
In a statement, Apple said that they’d found and removed apps that included a malicious program called XcodeGhost, which is a fake version of Apple’s software development program Xcode. This thing hides malware in legit apps, and Apple said: “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
One of the popular apps affected was WeChat, bad versions of which appeared and were available globally. WeChat themselves said that the issue affected an older version of their program, so if you’ve been keeping it up-to-date, you should be fine. The company say that, thus far, they’ve not found anyone who has had their personal information swiped.
So, another public black eye for Apple, as they’ve been letting so many apps with nasty code through their normally watertight development stage. They need to sort it out, quickly.
While the government are trying to stop people from undertaking Freedom of Information requests, so we can’t look at their correspondence and dodgy deals, funnily enough, they’re not so concerned about privacy when it comes to the public’s messages.
MI5 boss Andrew Parker is asking the government for new powers to monitor communications, which means that encrypted messaging services like WhatsApp and iMessage could be banned.
Of course, they’re blaming terrorists again, and Parker has said internet companies have a “responsibility” to share information about their users, and that the use of strong encryption in apps should be illegal.
This backs David Cameron’s views on the matter, where he said that he doesn’t want to “allow a means of communication between people which we cannot read”. Maybe, like the government’s FOI idea, we should all charge the authorities £600-a-pop if they want to look in our messages. Sound fair?
Parker reckons that encryption is “creating a situation where law enforcement agencies and security agencies can no longer obtain under proper legal warrant the contents of communications between people they have reason to believe are terrorists”.
“They are using secure apps and internet communication to try to broadcast their message and incite and direct terrorism amongst people who live here who are prepared to listen to their message.” He added that it “is in nobody’s interests that terrorists should be able to plot and communicate out of the reach of any authorities with proper legal power”.
Just imagine, if we can’t have encrypted messages, what baddies might be able to do, if they can hack into everyone’s messages too! Of course, Apple and Facebook (who own iMessage and WhatsApp respectively) are keen to commit to their users’ privacy (apart from all the times they use your details to make cash and the like).
Anyway, keep an eye out for the Home Secretary bringing back the Snooper’s Charter, as your privacy isn’t too much of a concern to the current government.
The theft happened in July, and the police are looking into it. The customers that are affected are those with a Premier Account. As this type of account comes with home insurance bundled in, there’s a lot of details to be had, including names, addresses, account numbers and sort codes.
The box was stolen from a data room at Royal Sun Alliance, who were providing the home insurance. The customers affected are those who opened accounts between 2006 and 2012, and who made a claim on their policy.
“We recognise this should never have happened and apologise to all customers who have been impacted,” said a spokesperson for RSA. Royal Sun Alliance said that they’re going to give those affected £20 each, to fully refund two years’ cover. You’d think they’d chuck a bit more in for an added apology, but there you go.
Thus far, it is thought that no accounts have been compromised, but investigations continue to make sure.
Lloyds said that they have got in touch with those who have been hit by this theft, but if you have further questions or you feel like you should have been contacted, but haven’t, you can call the freephone number 0800 316 8090.
There’s further advice available on the RSA website.
It is advised that you get Cifas protection too. You can do that at the Cifas website, or write to them at: Cifas Protective Registration, 6th Floor, Lynton House, 7-12 Tavistock Square, London, WC1H 9LT. Or you can email them at firstname.lastname@example.org, or call them on 0330 100 0180.
Quick! Stick some Blu-Tack on your front-facing cameras! There’s a new ransomware porn app on Android named ‘Adult Player’, and it is taking photos of its victims while they’re ‘on the job’. The app then uploads the images on a screen, and then hits you with a ransom message.
That’s not very nice, is it?
The security firm Zscaler rumbled the app, which is masquerading as a video player for dirty films. When you start watching some knacky films, it starts to silently take photos of you. If you’re messing with your uglies at the time, this could be described as a ‘compromising situation’. Then, the app demands $500 (which is over £300 in sterling).
The screen which shows the ransom is designed so it’ll stick around, even if you reboot your device. It won’t allow you to use your device and will keep the screen active with annoying and distressing messages.
“During the course of our daily malware hunt, we came across a new mobile ransomware variant which leverages pornography to lure victims into downloading and installing it,” said the firm.
So, to be on the safe side, you should only download apps from the official Google Play store and other trusted app sites. If you’re still worried, you can check that the ‘Unknown Sources’ option under the ‘Security’ settings of your device is switched off. Failing that, you could film the most embarrassing sex tape ever, send it to every single person you know and work with, and you’ll be free from all future blackmail and ransom.
Might be best to avoid downloading dodgy apps for the time being though.
If being single isn’t tough enough, all the baddies on the internet are going after people’s dating profiles. AshleyMadison was the big profile hack, complete with leaks, and now, Match.com has been compromised as well.
A security alert was issued by an outfit called Malwarebytes, and they noted that the dating site was hacked and has spilled data all over the place. A hacker’s version of a money shot, if you like.
Malwarebytes said the site has fallen victim to malvertising, which looks to swindle the lonely out of their hard-earned money. It is thought that there are 5.5 million users at risk from this attack, which happens to be based on the Bedep trojan, for those of you who know about this sort of thing. In plain English, it means that ne’er-do-wells can get at a load of private info and start trying to cadge money from you.
“The cost per thousand impressions for the booby trapped ad was only 36c, which is nothing compared to how much infected computers can bring in terms of revenues. For instance, CryptoWall demands $500 per victim,” said Jerome Segura, senior security researcher at Malwarebytes.
“We alerted Match.com and the related advertisers, but the malvertising campaign is still ongoing via other routes.”
A spokesperson for Match.com told The Inquirer: “We take the security of our members very seriously indeed. We are currently investigating this alleged issue.”
If you’re a gadget fiend and have a baby monitor that can connect to the internet, then you better listen up. Of course, if you have a normal baby monitor or just rely on your ears, then feel free to tut at new technology (like you needed permission).
These monitors that connect to the internet, so you can listen to your child when you’re away from home, are vulnerable to hacks, according to security firm Rapid7.
Their study shows that at least nine internet-connected baby monitors are vulnerable to these attacks, which means that ne’er-do-wells would be able to monitor your house. Some models have unencrypted web apps, so hackers can even get in and access their cameras.
Others will let hackers add people to the list of viewers, which means anyone could be hawking your home.
You can read Rapid7’s report here, which gives you everything you need to know about all this, including a list of all the products that they have tested and the corresponding vulnerabilities.
This is clearly one of the big problems facing the myriad of gadgets that are going to be part of the ‘internet of things’.
Travelodge’s logo is someone sleeping – we all knew that. However, it is obvious that they’re being peeped on through a monitor when you look closer, which is unfortunate considering that a guest found that someone had hidden a camera in her shower.
That’s right - a lady found that there was a camera hidden in her shower, which was connected to the caretaker’s cupboard.
Harmony Hachey said she found the device hidden away in an air vent at the Oxford Wheatley Travelodge. The staff at the hotel traced it back to the caretaker’s cupboard and apologised hastily, switched rooms and gave her a full refund.
A spokesperson for Travelodge said the hotel is working with local police about the incident.
“We can confirm that on Friday 28th August 2015 a customer at our Oxford Wheatley hotel made us aware of the presence of what appeared to be a camera in their room,” they said. “The privacy of our customers is a matter of the highest importance to us and the hotel team investigated immediately. While the camera appeared to be inoperative, we have reported this matter to the police and we are now supporting them fully with their ongoing investigations.”
Harmony posted on Facebook: “It’s obvious that the camera was put there for one reason and one reason ONLY, even when the regional manager tried to tell me it was being used for maintenance!” She posted photos of the offending item too, which you can see below.
WHSmith is annoying enough at the best of times, so the latest news about them is surely set to grind everyone’s gears even further. The retailer seems to be leaking personal contact information to anyone using their contact forms.
Talking to the Huffington Post, WHSmith said the leak happened due to a “bug” in the system.
“It is a bug not a data breach. We believe that this has impacted fewer than 40 customers who left a message on the ‘Contact Us’ page where this bug was identified, that has resulted in some customers receiving e mails this morning that have been misdirected in error.”
“I-subscribe have immediately taken down their ‘Contact Us’ online form which contains the identified bug, while this is resolved. I-subscribe are contacting the customers concerned to apologise for this administrative processing error. We can confirm that this issue has not impacted or compromised any customer passwords or payment details and we apologise to the customers concerned.”
Even though Apple’s iOS is well regarded for its robust security, it isn’t completely without the risk of some swine causing bother with it. If you jailbreak a phone, you do away with all that lovely security so you can get full control of your gadget.
With that, malware is being installed via third-party iOS apps onto jailbroken iPhones, which has resulted in what is being described as “the largest known Apple account theft caused by malware.”
The malware is called KeyRaider, and has stolen around 225,000 iOS users’ Apple account credentials, purchasing receipts, certificates and private keys, according to security firm Palo Alto Networks and Chinese iPhone developers WeipTech.
And now, for a lot of jargon.
“The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device. KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” Palo Alto Networks wrote in a blog post.
So what’s happening, in plain English? Around 225,000 accounts are thought to be affected, and some people have said that their accounts are showing abnormal purchasing history. Others have said that their phones are being held for ransom by people who are best described as ‘not-rights’.
If you don’t have a jailbroken iPhone, iPad or iPod, then you don’t need to do anything at all. You’re golden. Those with affected jailbroken phones reside in countries including the UK, France, Germany, Australia, Russia, Japan, America, Canada, Israel, Italy, Spain, Singapore, and South Korea.
You can read all of Palo Alto Networks’ findings and check out their tool, which will help you to check if your device has been affected, along with some other helpful bits.